You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PCI Data Security Standards v4, which we are not yet required to comply with, includes:
6.4.3 All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:
• A method is implemented to confirm that each script is authorized.
• A method is implemented to assure the integrity of each script.
• An inventory of all scripts is maintained with written justification as to why each is necessary
Perma Payments uses a single line of javascript in an inline script tag to forward users to CyberSource.
Let's set Content-Security-Policy: script-src 'nonce-{random_nonce}' and <script nonce="{random_nonce}> (docs) when we get a chance, in anticipation of this requirement.
The text was updated successfully, but these errors were encountered:
PCI Data Security Standards v4, which we are not yet required to comply with, includes:
Perma Payments uses a single line of javascript in an inline script tag to forward users to CyberSource.
Let's set
Content-Security-Policy: script-src 'nonce-{random_nonce}'and<script nonce="{random_nonce}>(docs) when we get a chance, in anticipation of this requirement.The text was updated successfully, but these errors were encountered: